It seems as if when the prefix “cyber” sits in front of a word right now it instantly gets attention. No combination of “cyber” is getting more attention in the automotive world right now than cyber-security. That is probably fitting. This topic has the potential to put the cyber-brakes on connected cars and the efforts of the aftermarket to maintain the kind of access to vehicle networks we “think” we are going to need going forward. I put that in quotes because, short of a cyber-crystal ball, nobody knows for sure what the future holds. There are a few folks who are making the future instead of trying to predict it. I had an opportunity to talk with one of them. I hope his insights help us understand the complexity of rethinking an industry from the inside out.
Mahbubul Alam is the Chief Technical Officer of Movimento. I have had the pleasure of listening to him speak on several occasions. Mahbubul agreed to sit down with me and explain some of the initiatives his company is working on alone and with other companies. As we began to speak, it became clear that without a framework most of our conversation would not be helpful to you. To that end, I am going to first say that Movimento is handling the over-the-air (OTA) programming for Dodge on the new Ram 1500 V6 diesel and for Ford on the new Fusion. Both are loaded with lots of new technologies that are expected to need frequent updates. Herein lies one of the core shifts in strategy that is occurring in automotive design: the software-first design.
Mahbubul explains it like this: We have been building vehicles and then putting security on their systems like traditional firewalls where the object is to keep intruders out. It has now become necessary to not assume that the vehicle is safe from within. The tire pressure monitoring system is one of the easiest ways for a “bad guy,” as Mahbubul says, to access another part of the CAN bus and cause mischief.
To remove these easy access points, each part of the vehicle must be taken into consideration during the design phase and a minimum level of security must be expected even at a component level.
That is not to say that the navigation system needs the same level of security that the electronic steering or PCM needs. What Movimento and others are designing is a means to provide the right security depending on the level of risk present if a breach occurs. Think of it like this: if someone gets past the lock on your house, they have access to every room. The idea with cars and trucks is that there are compartments for each component, so that if someone can break into your infotainment system and make Milli Vanilli play, they will have to face different and much more difficult encryption on each further compartment they attempt to breach.
This means that diagnostic tools are going to need a means to access each system with the right “secret handshake.” This already occurs in many vehicles and has been a source of frustration for many tool makers as there has not been a “standardized” approach to which systems are encrypted. The key thing right now is that the CAN bus is not protected or encrypted. This is not going to be acceptable as we cede responsibility for emergency responses like braking and steering to more modules on vehicles.
Let me take you back to the idea of security breaches. Mahbubul says, “Security is not a one-time design. It is an ongoing race against bad guys. Rogue nations are hiring people to do bad things.” Many have said it is not a matter of if, but when, a system will get a security breach. The desire is to be able to put a vehicle out with your very best design at release and then track its systems telematically to capture issues that occur or attempted hacking and get on top of them quickly. Mahbubul explains, “You need to have a way to collect data from the modules on the vehicle to make sure that a function is working correctly and has not been affected maliciously.” He also points out that despite extensive use-case trials, you may not have tested a particular practical-use scenario that a customer comes up with to determine if it works. These are two reasons that software may have to be updated and why OTA programming provides a quick means to push those updates out. Tesla has been doing this from the beginning and appears to have a low-profile way to push out updates that is not inconvenient to customers.
At the core, the idea is to build vehicles that have the security software integrated from the inception of the design, and then to create a “no trust” network that requires “mutual authentication” so that a vehicle cannot be hacked from inside or out easily and certainly not on a wholesale level. This means that as repairers we need to be preparing for a generation of cars that have already hit the streets. There are many people working on your behalf to make sure you can repair these vehicles, but it will depend upon you to get out of your shop and learn about these technologies to stay on the cutting edge.